1. Data Controller

The data controller responsible for your personal data is:

• Project: Black Pearl — Ghost Waters
• Contact: Via official Telegram channel listed on the Website
• Website: blackpearl.finance

2. What Data We Collect

We collect only the minimum data necessary to operate the platform. We do not collect names, surnames, national ID numbers, or traditional financial information unless required by law (e.g., KYC procedures).

Data Type	What Exactly	How Collected
Wallet Address	Your public BSC wallet address (e.g. 0x...)	When you connect MetaMask or interact with presale contract
IP Address	Your internet IP address	Automatically via web server logs
Browser Data	Browser type, OS, language, screen resolution	Automatically via browser headers
Transaction Data	On-chain transaction hashes, USDT amounts, token amounts	Recorded on BSC blockchain — publicly visible
Email (optional)	If you voluntarily subscribe to updates	Newsletter signup form (if applicable)
Usage Data	Pages visited, time on site, clicks	Analytics tools (if implemented)

3. Why We Collect This Data (Legal Basis)

Data	Purpose	Legal Basis (GDPR)
Wallet address	Execute token distribution, verify presale participation, enable token claims	Contract performance (Art. 6(1)(b))
IP address	Security monitoring, fraud prevention, geographic restriction enforcement	Legitimate interest (Art. 6(1)(f))
Browser data	Website functionality, security	Legitimate interest (Art. 6(1)(f))
Email	Send project updates if subscribed	Consent (Art. 6(1)(a))
Transaction data	Record-keeping, compliance, dispute resolution	Legal obligation / Contract (Art. 6(1)(b)(c))

4. Blockchain Data — Special Notice

Wallet addresses and all on-chain transactions are recorded permanently on the Binance Smart Chain blockchain. This data is public, immutable, and beyond our ability to delete. By interacting with any smart contract, you acknowledge that your wallet address and transaction history will be permanently and publicly visible on the blockchain. This is an inherent property of blockchain technology and not within the Project's control.

5. How We Protect Your Data

• We do not store private keys, seed phrases, or passwords — ever
• Any off-chain data is stored on secured servers with access controls and encryption at rest
• We use HTTPS/TLS for all web communications
• Access to data is limited to project team members on a need-to-know basis
• We do not use unsecured third-party analytics that transmit personal data to external servers without your consent

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal data to third parties for commercial purposes. We may share data in the following limited circumstances:

• BSCScan / Blockchain Explorers: Transaction data is inherently public on-chain and visible via block explorers
• PancakeSwap: When you interact with liquidity pools post-TGE, your wallet address is visible on-chain
• Legal Authorities: If required by applicable law, court order, or regulatory obligation
• KYC Providers: If KYC procedures are implemented, a compliant third-party provider may process identity data under their own privacy policy

7. Data Retention

• Wallet addresses / transaction data: Retained for the duration of the project and up to 5 years post-TGE for compliance purposes
• IP addresses / server logs: Retained for up to 90 days, then deleted
• Email addresses: Retained until you unsubscribe; deleted within 30 days of unsubscribe request

8. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have the following rights:

• Right of Access (Art. 15): Request a copy of the personal data we hold about you
• Right to Rectification (Art. 16): Request correction of inaccurate data
• Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten") — note: blockchain data cannot be deleted
• Right to Restriction (Art. 18): Request that we restrict processing of your data
• Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
• Right to Object (Art. 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time for consent-based processing (e.g., email newsletter)

To exercise any of these rights, contact us via the official Telegram channel. We will respond within 30 days. Note that certain rights cannot apply to publicly recorded blockchain data.

9. Cookies

This Website may use minimal technical cookies necessary for the proper functioning of the site (session cookies, security cookies). We do not use advertising cookies or cross-site tracking cookies. A cookie consent notice will be displayed on first visit where required by law.

You can disable cookies in your browser settings; however, this may impact website functionality.

10. Children's Privacy

This Website and the $PEARL token distribution are not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us immediately so we can take appropriate action.

11. International Data Transfers

Your data may be processed in countries outside the EEA. Where this occurs, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V requirements (e.g., Standard Contractual Clauses).

12. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. We will notify users of material changes by posting the updated policy on this page with a revised "Last Updated" date. We encourage you to review this Policy periodically.

13. Contact & Complaints

For privacy-related inquiries, contact us via the official Telegram channel listed on the Website.

If you are located in the EU/EEA and believe your data protection rights have been violated, you have the right to lodge a complaint with the Data Protection Authority (DPA) in your country of residence or place of work.